Ransomware prevention checklist

Preventive measures at the user level

 Conduct security awareness training and educate your end users about ransomware attacks.

 Train your end users to spot and report phishing emails containing malicious attachments.

Preventive measures at the software level

 Ensure your firewalls are operational and up-to-date at all times.

 Logically separate your networks.

 Employ a strong email filtering system to block spam and phishing emails.

 Patch vulnerabilities and keep all your software updated.

 Set up rigorous software restriction policies to block unauthorized programs from running.

 Keep your antivirus fully operational and up-to-date.

 Conduct periodic security assessments to identify security vulnerabilities.

 Enforce the principle of least privilege.

 Disable Remote Desktop Protocol (RDP) when not in use.

 Disable macros in your Microsoft Office files.

 Use a strong, real-time intrusion detection system to spot potential ransomware attacks.

Preventive measures at the backup level

 Back up your files using a 3-2-1 backup rule, i.e. retain at least three separate copies of data on two different storage types, with at least one of those stored offline.

 Ensure that you back up critical work data periodically.

 Enforce regular checks for data integrity and recovery on all your backups.
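
As an added example (not part of the original checklist or any product), the 3-2-1 rule and the regular integrity checks above can be audited over a backup inventory. The record fields, the sample inventory and the 30-day verification threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory (not real data): one record per copy of a dataset.
# Assumption: the inventory lists every copy that counts toward the rule.
INVENTORY = [
    {"dataset": "finance-share", "storage": "nas",   "offline": False, "verified": date(2024, 5, 28)},
    {"dataset": "finance-share", "storage": "cloud", "offline": False, "verified": date(2024, 5, 30)},
    {"dataset": "finance-share", "storage": "tape",  "offline": True,  "verified": date(2024, 5, 15)},
    {"dataset": "hr-records",    "storage": "nas",   "offline": False, "verified": date(2024, 5, 29)},
    {"dataset": "hr-records",    "storage": "nas",   "offline": False, "verified": date(2024, 2, 1)},
]

MAX_VERIFY_AGE_DAYS = 30  # assumed policy value; the checklist only says "regular"


def audit_backups(inventory, today, max_age_days=MAX_VERIFY_AGE_DAYS):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for name, copies in sorted(by_dataset.items()):
        findings = []
        # 3: at least three separate copies
        if len(copies) < 3:
            findings.append(f"only {len(copies)} copies, need at least 3")
        # 2: at least two different storage types
        storage_types = {c["storage"] for c in copies}
        if len(storage_types) < 2:
            findings.append(f"only {len(storage_types)} storage type, need at least 2")
        # 1: at least one copy kept offline
        if not any(c["offline"] for c in copies):
            findings.append("no offline copy")
        # Integrity/recovery check must be recent for every copy
        for c in copies:
            age = (today - c["verified"]).days
            if age > max_age_days:
                findings.append(f"{c['storage']} copy last verified {age} days ago")
        report[name] = findings
    return report


if __name__ == "__main__":
    for dataset, findings in audit_backups(INVENTORY, date(2024, 6, 1)).items():
        print(dataset, "OK" if not findings else findings)
```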

Ransomware response checklist

Time-sensitive reactive measures

 Shut down infected systems immediately.

 Disconnect and isolate infected systems from the network.

 Isolate your backups immediately.

 Disable all shared drives that hold critical information.

 Issue an organization-wide alert about the attack.

 Contact your local law enforcement agency and report the attack.

Analysis-based reactive measures

 Determine the scope and magnitude of an infection by identifying the type and number of devices infected, as well as what kind of data was encrypted.

 Determine the type and version of the ransomware.

 Identify the threat vector used to infiltrate your network.

 Conduct root cause analysis.

 Mitigate any identified vulnerabilities.

 Check if a decryption tool is available online.

Business continuity reactive measures

 Restore your files from a backup.

How ManageEngine DataSecurity Plus can help you detect ransomware intrusion

  • Detect ransomware attacks instantly with the help of preconfigured alert profiles that track anomalous file activities.
  • Employ response actions such as shutting down the ransomware-infected machine or disabling the hijacked user account from the network to halt further infection.
  • Spot and alert admins to the presence of encrypted files in your environment by analyzing your data repositories.
  • Block spam, adware, and other high-risk cloud apps that could be used to distribute ransomware within your organization's environment.